How severe is CVE-2021-43807?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-43807?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2021-43807

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-290

View all →

Vulnerability Description

Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case.

CVE-2017-12095

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default crede...

CWE-2902017

CVE-2017-12096

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted net...

CWE-2902017

CVE-2019-10875

MEDIUM

CVSS:6.5(Medium)

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query paramet...

CWE-2902019

CVE-2019-13709

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CWE-2902019

CVE-2019-25023

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inje...

CWE-2902019

CVE-2019-3775

MEDIUM

CVSS:6.5(Medium)

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a d...

CWE-2902019

CVE-2021-43807

Vulnerability Description

Related Vulnerabilities

CVE-2017-12095

CVE-2017-12096

CVE-2019-10875

CVE-2019-13709

CVE-2019-25023

CVE-2019-3775